Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4631 Views
  • 0 replies
  • 1 Likes

Hardware Refresh from 820 to 445, able to copy config from 820 into 445?

I need to refresh an 820 to a 445 then another pair of 820s in HA to a pair of 445 in HA. Using on the box for management, no Panorama. Can I take the configuration from the 820s and load it into the 445s? 820 are currently on 10.1.14-h8. If not, if there another tool which can be used? There is a couple site to site VPNs if that matters. Than...

Well knows URLs are getting marked as not-resolved and traffic getting blocked in Advanced URL Filtering in PA-450 box

We recently implemented a PA-450 firewall box in the organization and well knows URLs are getting marked as not-resolved and traffic getting blocked in Advanced URL Filtering. Any certain configurations we need to modify to avoid this? Find more info from the attached SS.

Many ping drops during failover

We have a setup as shown above and when we do a failover testing (power off the active firewall), we see atleast 15 ping drops when we ping devices from one vlan to another, The vlans are configured as sub-interfaces on the firewall. Switches are just L2We have configured HA1 and HA1 backup configuredIs it mandatory to configure HA2 to failover ...

ciscojuniperf5_0-1741821290980.png

Resolved! Security policies not working

I've come across the most odd issue that I can't figure it out for the life of me. I am only hopping it's some silly "tick box" or something I have missed. Long story short... I have created a very simple top security rule with IP address as a source (any zone/user/device) towards any destination (any zone/application/service) and set it to de...

Unable to Login on Secondary Device in Active Passive HA Using Superuser

Hello Team, We are currently facing an issue with logging into the secondary firewall in an Active-Passive HA setup using any superuser credentials other than the admin credentials. When we create a new superuser account or make changes on the active firewall, they are successfully replicated on the passive firewall, indicating that HA synch...

HIP-Check for tennant id check with regestry (CID)

Hello, im trying to do a hip check for the registry of the CID for CrowdStrike. in this link you can find the registry path and the registry itself for the CID. https://stackoverflow.com/questions/70030265/how-do-i-view-alphanumeric-registry-values-with-powershell but when doing th hip check with the data in there it dosent work, i dont get an ...

n.major by L1 Bithead
  • 702 Views
  • 0 replies
  • 0 Likes

PA-1400 Series Power Supply Specifications

Hello everyone, I would like to know the following three points about the specifications of the A-1400 series power supply. 1. The maximum power consumption value is different between the PA-1400 series spec sheet and the hardware reference. Is the maximum power consumption value of the A-1400 series listed in the hardware reference correct?...

IPSEC behind NAT

Hi all, I am trying to enable a IPSEC from PA1 to PA2 However PA1 sits behind a NAT device which I have no control of and the PA outside interface is been given a 192.16.1.X address I have gone through the following KB https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClopCAC but this still fails to function. Seems ...

Configuration for GUI access through public IP

Hello all, I'm new to the Palo Alto firewalls and pardon me for my bad English as I'm not a native English speaker.I'm trying to build the below network we currently have in my workplace in an eve-ng lab. I'm not able to access the GUI through the address of eth 0/0 HQ_ISP address (203.189.70.2) with my current config. I have configured a Manag...

dilsarahm2_0-1741326588717.png

Security update for Palo Alto 5050

Colleagues, good afternoon,We have encountered an issue where, due to unforeseen circumstances, we had to revert to the old hardware. Could someone help with updating the security patches? We need to load them onto the device.Is there a way to download and send the updates to us? Unfortunately, we cannot officially request them as our technical ...

Cyberark RDP sessions aging-out, disconnecting users

We are working on a deployment of CyberArk for identity management. At this point our problems are not with integrating it for authentication with the Palo. Our problem is that the connectors for CyberArk in our datacenter are dropping connections when our Admins are using the RDP sessions. CyberArk gave us some docs re: creating an applicat...

  • 1597 Posts
  • 61 Subscriptions
Top Solution Authors
Top Liked Authors